We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Boom or bust? Cyber security and data breach loss in Latin America

Every day in the news we are assaulted by reports of cyber security and data breaches of industry giants, major retailers and financial conglomerates that compromise the privacy and security of millions. In the wake of such crimes, cyber insurance premiums last year reached $2.5 billion, a 25 percent increase over the prior year, with estimated annual cyber-related business losses now as high as $400 billion. In a recent address, President Barack Obama opined that cybercrime will soon be “affecting our entire economy in ways that are extraordinarily significant.”

As the world watches such attacks unfold on a larger and sometimes more brazen scale, recent studies show that 90 percent of all cyber insurance policies are purchased by U.S. companies, revealing that just 10 percent of businesses around the world are covered. An ever-increasing portion of those businesses without coverage are located in Latin America, yet the region now includes several of the world’s fastest-growing economies and countries with the greatest increase in the adoption of Internet technology. According to IT Governance USA (February 4, 2015), for example, Brazil has the “world’s seventh largest economy and sixth largest population, with economic acceleration and technical growth second only to China.” Even on the lower end of the spectrum, Internet use has exploded in fast-developing Columbia from just 3 percent of the population in 2000 to well over 52 percent in 2014.

Lacking Defensive Measures

In addition to the obvious fact that more Internet users means more available Internet victims, there are several issues of concern in attempting to prevent and cover loss arising out of cybercrime in these booming economies. For one, most Latin American countries have done little in the way of enacting laws to dissuade cybercrime either through governing and reporting requirements for those in possession of sensitive data or through more severe penalties for corresponding loss. Without the motivation to more closely monitor and protect sensitive data, business losses and the incentive for criminals to attack will continue to grow

While several nations have legislation in the works, laws governing data security and cyber security incidents are scarce among these growing nations. Likely in response to its cybercrime losses estimated to be in excess of $3 billion, Mexico has led the charge with legislation designed to provide harsher penalties for data breaches. On the other hand, even with losses of roughly $8 billion attributed to cybercrime, Brazil still has not enacted a general data protection law. Just last year, Brazil finally approved what has been called a “general framework for Internet regulation of certain aspects of privacy.” Seemingly a good start, but not yet likely a sufficient deterrent.

In addition to the lack of effective penalties, these booming Latin American nations are vulnerable because of a high concentration of wealth coupled with insufficient cyber defense mechanisms. As expected, criminals will strike where the potential reward is high and the obstacles few. Additionally, an increased use of malware designed to infect systems, especially in Brazil, has become a popular weapon of choice. Finally, and perhaps most critical, a recent survey among the people and the organizations in the region reveals that many may simply be uninformed about options and virtually all are unprepared for what might ultimately be “doomsday.”

In its 2015 Global Cybersecurity Status Report, the Information Systems Audit & Control Association (ISACA) shared the following statistics among Latin American businesses, which are indeed shocking:

While 40 percent of businesses anticipate a cyber attack in 2015, just 23 percent believe that they are prepared.

While 82 percent believe that cyber attacks are among the three greatest threats of any kind facing organizations today, 52 percent have not even committed to providing cybersecurity awareness training for staff.

Taking the Initiative

Now is the time for these booming Latin American organizations to build their protective walls. In light of the growing scale of losses and magnitude of compromised data among even the most secure global organizations, wise businesses in Latin America not only will look for technological means of protection but also will join the frighteningly low 10 percent of non-U.S.-based organizations that have purchased cyber insurance coverage in preparation for the coming storm.

Through attorneys in its Data Privacy & Security and Latin America practices, Wilson Elser is prepared to provide a variety of cyber services, including training and counsel in preparation for the inevitable breach; immediate assistance in the hours, days and weeks following the breach; and, ultimately, skilled representation should a matter proceed to litigation.

Compare jurisdictions: BYOD: Bring Your Own Device

"Lexology is a very relevant and interesting resource for South African in-house lawyers. The newsfeeds are a good measure of a firm's expertise and offer an interesting insight into recent legal developments. I would highly recommend Lexology to colleagues."